From b21a49a57e411a422c9168d1c919111ae7fd6514 Mon Sep 17 00:00:00 2001
From: chenguo
Date: Mon, 19 Nov 2018 19:17:12 +0800
Subject: [PATCH] qcacmn: Peer ref count leaks in ppdu stats and descriptor deliver
Because of reference counter decrement is not triggered for every condition path, it is possible that peer reference counter leaking happens under some perticular circumstance. Make sure the peer ref count unreference is called for each possible path.
CRs-Fixed: 2352433
Change-Id: I60bc5a5210519c26c57cdc563d0d1b02d799e090
---
 dp/wifi3.0/dp_htt.c | 3 +--
 dp/wifi3.0/dp_rx_mon_status.c | 18 +++++++++---------
 2 files changed, 10 insertions(+), 11 deletions(-)
diff --git a/dp/wifi3.0/dp_htt.c b/dp/wifi3.0/dp_htt.c
index 7ae8184ba6..6d8a16e356 100644
--- a/dp/wifi3.0/dp_htt.c
+++ b/dp/wifi3.0/dp_htt.c
@@ -2480,11 +2480,10 @@ void dp_ppdu_desc_deliver(struct dp_pdev *pdev,
 dp_tx_stats_update(pdev->soc, peer, &ppdu_desc->user[i], ppdu_desc->ack_rssi);
-
- dp_peer_unref_del_find_by_id(peer);
 }
 dp_tx_rate_stats_update(peer, &ppdu_desc->user[i]);
+ dp_peer_unref_del_find_by_id(peer);
 }
 /*
diff --git a/dp/wifi3.0/dp_rx_mon_status.c b/dp/wifi3.0/dp_rx_mon_status.c
index 626aedb3ca..b3c60f6a20 100644
--- a/dp/wifi3.0/dp_rx_mon_status.c
+++ b/dp/wifi3.0/dp_rx_mon_status.c
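Review bot: In dp_ppdu_desc_deliver (dp/wifi3.0/dp_htt.c) the relocated `dp_peer_unref_del_find_by_id(peer);` must now stay the last use of `peer` in the enclosing block, and nothing in the code says so. The removed placement dropped the reference inside the conditional block and then still passed `peer` to `dp_tx_rate_stats_update()`, so the move corrects a use-after-release ordering as well as the leak named in the commit message. A one-line comment above the call, e.g. `/* release the reference held on peer; peer must not be touched after this */`, would keep a later edit from reintroducing either problem. The peer lookup and any early `continue` or `return` between it and this call lie outside the hunk, so each such exit should be checked for its own unref.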
@@ -416,16 +416,16 @@ dp_rx_handle_ppdu_stats(struct dp_soc *soc, struct dp_pdev *pdev,
 sizeof(struct cdp_rx_indication_ppdu));
 cdp_rx_ppdu = (struct cdp_rx_indication_ppdu *)ppdu_nbuf->data;
 peer = dp_peer_find_by_id(soc, cdp_rx_ppdu->peer_id);
- if (cdp_rx_ppdu->peer_id != HTT_INVALID_PEER) {
- if (peer) {
- dp_rx_stats_update(pdev, peer, cdp_rx_ppdu);
- dp_wdi_event_handler(WDI_EVENT_RX_PPDU_DESC,
- soc, ppdu_nbuf, cdp_rx_ppdu->peer_id,
- WDI_NO_VAL, pdev->pdev_id);
- dp_peer_unref_del_find_by_id(peer);
- }
- } else if (pdev->mcopy_mode) {
+ if (peer) {
 dp_rx_stats_update(pdev, peer, cdp_rx_ppdu);
+ dp_peer_unref_del_find_by_id(peer);
+ }
+ if (cdp_rx_ppdu->peer_id != HTT_INVALID_PEER) {
+ dp_wdi_event_handler(WDI_EVENT_RX_PPDU_DESC,
+ soc, ppdu_nbuf,
+ cdp_rx_ppdu->peer_id,
+ WDI_NO_VAL, pdev->pdev_id);
+ } else if (pdev->mcopy_mode) {
 dp_wdi_event_handler(WDI_EVENT_RX_PPDU_DESC, soc, ppdu_nbuf, HTT_INVALID_PEER, WDI_NO_VAL, pdev->pdev_id);
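Review bot: For a valid `peer_id`, `dp_wdi_event_handler(WDI_EVENT_RX_PPDU_DESC, ...)` in dp_rx_handle_ppdu_stats now runs after `dp_peer_unref_del_find_by_id(peer)` and also when `dp_peer_find_by_id()` returned NULL, whereas the removed code dispatched only inside `if (peer)` while the reference was still held. The commit message describes only the leak fix, so this wider dispatch condition looks unintended or at least undocumented. Whether any subscriber of that event resolves `cdp_rx_ppdu->peer_id` and expects a live peer is not visible here; if one does, it can now observe a peer that is being deleted. Either keep the reference across the dispatch by moving `if (peer) dp_peer_unref_del_find_by_id(peer);` below the if/else chain (which ends outside the hunk), or add a comment above the first dispatch such as `/* peer may already be gone; subscribers must re-validate peer_id */`.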